Scitokens Scitokens Library — known CVE vulnerabilities
Every CVE whose affected-product data names Scitokens Scitokens Library, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-32714 — CVSS 9.8 (critical): SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable…
CVE-2026-32716 — CVSS 8.1 (high): SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths…
CVE-2026-32727 — CVSS 8.1 (high): SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal…